ExpressVPN on Thursday removed its physical VPN (virtual private network) servers from India because it disagreed with the new VPN rules introduced in the country that restrict internet freedom.
Under the new data law, all VPN providers are required to collect/store user information for at least five years – even after users stop using the service – and transfer it to the Indian Computer Emergency Response Team (CERT- In).
The new VPN order in India, which takes effect on June 27, 2022, requires companies to store users’ real names, their assigned IP addresses, usage patterns and other identifying data.
“The new data law initiated by India’s Computer Emergency Response Team (CERT-In) aimed at fighting cybercrime is incompatible with the purpose of VPNs, which are designed to keep users’ online activities private,” it wrote. business in a blog. after.
“The law also goes too far and is so broad that it opens the door to potential abuse. We believe that the harm caused by potential misuse of this type of legislation far outweighs the benefits lawmakers claim.”
As a result of the new data law, ExpressVPN removed its physical VPN servers in India on June 2, 2022. However, users in India can still connect to VPN servers that give them Indian IP addresses and access the Internet as if they were in the country.
The “virtual” India VPN servers are not physically located in the country, but instead are physically located in Singapore and the UK. The user just needs to select the VPN server location, “India (via Singapore)” or “India (via UK)”. ExpressVPN also clarified that users will experience “minimal difference” as a result of this change.
It is worth noting that the VPN service provider has been operating its virtual server locations “India (via UK)” for several years now. These virtual locations use the registered IP address that corresponds to the country that a user wants to connect to, while the server is physically located in a different country.
ExpressVPN said it uses virtual locations where necessary to provide faster, more reliable connections.
“As for internet users based in India, they can use ExpressVPN with the confidence that their online traffic is not logged or stored and that it is not monitored by their government,” the company added.
ExpressVPN assured that it is focused on protecting privacy and free speech online. It never collects logs of user activity, including no logging of browsing history, traffic destination, data content or DNS queries.
It also never stores connection logs, meaning there are no logs of IP addresses, outgoing VPN IP addresses, connection timestamps or session duration.
“Not only is it our policy that we don’t accept logging, but we’ve also specifically designed our VPN servers to be unable to log in, even by running in RAM. It is unlikely that data centers will be able to accommodate this policy and our server architecture under these new regulations, and so we will move forward without physical servers in India,” it added.
While ExpressVPN is the first VPN service provider to leave India, companies like NordVPN, ProtonVPN, PureVPN and Surfshark are also considering removing their servers from the country if no other options are available.